Re: ruserok() & /etc/hosts.equiv

Big Bad Jon (jsz@netsys.com)
Mon, 2 May 1994 13:53:10 -0700 (PDT)

Walker Aumann has said
> 
> I ran over something last week while playing around with our Suns (4.1.3),
> and thought I'd pass it on to you while it makes its way through Sun.
> 
> ruserok() denies access if /etc/hosts.equiv contains a line with only a '+'.
> This seems like a Good Thing to me, even though it's not expected behaviour,
> but it makes me wonder about rlogin, rcp, and rsh, since they still seem to
> work correctly (i.e., they let anyone who wants to walk all over your machine).
> 
> Walker

Define what you meant by ``ruserok denies access'' --

As far as I can tell, the ruserok() function, which is
defined in the rcmd.o module of libc, returns a ``0'' if
the machine name is listed in the ``hosts.equiv'' file
or the host and remote user name are found in the ``.rhosts''
file; otherwise it just returns a ``-1'', so having a ``+''
in /etc/hosts.equiv means that ruserok in fact does NOT deny access.

Actually, you might want to modify rcmd.o to *always* deny,
because aside from being broken (it doesn't check the permissions
of .rhosts or /etc/hosts.equiv), it's also vulnerable to source
routing, or any kind of DNS games -- after all it uses gethostbyaddr(3N)
to determine whether or not you're coming from a *trusted* site.


--- Jonathan

jsz@netsys.com
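
Added example, not part of the original message and not libc code: a small audit routine that applies the ownership and permission checks discussed above to a hosts.equiv or .rhosts file and flags bare `+` entries. The function name, the TF_* flags and the treatment of `#` lines as comments are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L /* O_NOFOLLOW, fdopen */
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
/* Finding bits (names are this example's own, not a libc API). */
#define TF_UNREADABLE 0x01 /* missing, a symlink, or not a regular file */
#define TF_BAD_OWNER  0x02 /* owned by neither root nor expected_owner */
#define TF_WRITABLE   0x04 /* group- or world-writable */
#define TF_WILDCARD   0x08 /* host or user field is a bare '+' */

int audit_trust_file(const char *path, uid_t expected_owner)
{
    int findings = 0;
    struct stat st;
    char line[1024];
    /* O_NOFOLLOW rejects a symlink at the path; O_NONBLOCK avoids hanging on a FIFO */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return TF_UNREADABLE;
    /* fstat the descriptor we read from, so the check and the use see the same file */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return TF_UNREADABLE;
    }
    if (st.st_uid != 0 && st.st_uid != expected_owner)
        findings |= TF_BAD_OWNER;
    if (st.st_mode & (S_IWGRP | S_IWOTH))
        findings |= TF_WRITABLE;
    FILE *fp = fdopen(fd, "r");
    if (fp == NULL) { close(fd); return findings | TF_UNREADABLE; }
    while (fgets(line, sizeof line, fp) != NULL) {
        char *host = strtok(line, " \t\r\n");
        char *user = host ? strtok(NULL, " \t\r\n") : NULL;
        if (host == NULL || host[0] == '#') /* blank line or assumed comment */
            continue;
        if (strcmp(host, "+") == 0 || (user && strcmp(user, "+") == 0))
            findings |= TF_WILDCARD;
    }
    fclose(fp);
    return findings;
}

int main(int argc, char **argv)
{
    int f = audit_trust_file(argc > 1 ? argv[1] : "/etc/hosts.equiv", 0);
    printf("findings: 0x%02x\n", f);
    return f != 0;
}
```

For a user's .rhosts, pass that user's uid as expected_owner; a result of 0x01 for /etc/hosts.equiv usually just means the file does not exist.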